Overview
Whether you are a media publisher, a content owner, a business enterprise, a government department or an educational institute, content security is of utmost importance and a key challenge. VIDIZMO was designed to be highly secure from the ground up and to meet the security requirements of both IT and business users. It includes several security layers at the application, database, storage, and data center levels.
1. Application-level Security
SSO/Identity Federation
VIDIZMO provides identity federation and single sign-on integration with industry-standard protocols such as OpenID Connect, strong passwords, and multi-factor authentication, ensuring no personal data. Content security is offered through token-based authentication; granular content access rights management provides ultimate control over who has access to content. To learn more, see: Setting up Single Sign-on in VIDIZMO.
AD Attributes and Groups Synchronization
VIDIZMO has very tight integration with Active Directory, allowing users, any attribute, and security groups to be synchronized with VIDIZMO. Furthermore, rules can be created to route users, based on synchronized attributes, to a certain portal or content, or to perform a certain action.
Role-Based Access Control (RBAC)
Role-based access control is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. VIDIZMO allows these roles to be configured for each portal and assigned to all users that require access to the content being uploaded or published via VIDIZMO.
To learn more, see: Understanding VIDIZMO User Roles.
Content Segregation
Thanks to the multi-tenant design, each VIDIZMO portal provides complete segregation of content among various portals. This access can be inherited/shared among a group of portals or can be completely customized for each portal. To learn more, see: Understanding Portal's Security Policy.
Audit Logs
Complete security audit logs are maintained with the IP addresses and date stamps associated with the user accounts accessing the platform. To learn more, see: How to View and Export Audit Logs.
Trusted Domains
Trusted Domains allow secure connections with other enterprise systems on the network. To learn more about it, see: Understanding Portal's Security.
HTTPS
At the network level, all requests are exchanged using HTTPS for secure communication.
Network Management
Network location detection, filtering, and redirection allow requests to be routed to designated servers and edge appliances, preventing unauthorized networks from accessing the content altogether.
2. Database/Storage Level Security
Data Encryption
All data including passwords, user profiles, and sensitive content information can be encrypted using AES256 and 3DES encryption.
Content Encryption
At the storage level (at rest), content can be encrypted using AES128 and/or PlayReady or Widevine DRM, with TLS for in-transit encryption. To learn more about DRM, see: Understanding Digital Rights Management in VIDIZMO.
3. Datacenter Level Security
VIDIZMO leverages Microsoft Azure and Amazon Web Services to monitor, detect, and resolve any issues:
Security Center
VIDIZMO uses a central view of the security state of its deployments to verify that the appropriate security controls are in place and configured correctly.
Security Policies
VIDIZMO can define security policies for specific customer deployments according to their security needs.
3rd Party Security Solutions
VIDIZMO can rapidly enable a range of security solutions from 3rd party providers, including industry-leading firewalls and antimalware.
Global Threat Intelligence
VIDIZMO leverages Microsoft global threat intelligence and expertise with insights into security-related events across customer deployments. Security Center helps VIDIZMO detect actual threats early and reduces false positives. Security alerts offer insights into the attack campaign, including related events and impacted resources, and suggest ways to remediate issues and recover quickly.
4. Public CDN Level Security
VIDIZMO leverages Azure CDN for:
DDoS Protection
Reverse-proxy architecture with sophisticated DDoS identification and mitigation technologies to protect our customers and their users by identifying, absorbing, and blocking security threats.
Fast Purge
Fast Purge to remove any content from CDN.
Geo-Blocking
Country filtering to block countries that content can be delivered to.
Rule-Based Engine
Rule-Based Engine to configure advanced workflows for allowing/denying access to content.
Location Detection
Location detection based on country or network operator.
HTTPS support
HTTP over TLS ensures all data is encrypted and secured in-transit.
Contributions were made by Javeria Hasan & Sarah Hussain.